The latter part of that URL would imply a PHP script's insecure use of a "system" or "passthru" call. The earlier part would imply, as you say, a URL load from "include" (or "fopen") where an application has not validated the file path. Either way, these are problems specific to the script, not php5 itself.
Since this bug report was related to CVE-2007-1718 and has been closed, please move the discussion elsewhere:

- If there is a bug specific to php5 itself, please open a new bug report.
- If you're interested in seeing the default setting for "allow_url_include" changed, please bring this up on the ubuntu-devel mailing list. Note, however, that the system default on current Ubuntu systems is already "allow_url_include = Off".

Thanks again for the report, and please feel free to report any new bugs you may find.

--
PHP Folded Mail Headers Email Header Injection Vulnerability
https://bugs.launchpad.net/bugs/113249
